<?php
//20090211
//	GetLangString updated
//	TODO: align code

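// Delete one row from `comments` (profile comments / private messages) when
// the current user ($id, set outside this file) is its sender or recipient.
// Output is appended to $SITE_MIDDLE.
//
// NOTE(review): this state-changing action is reachable through a plain GET
// link (index.php?do=pm&delete=<id>) and no anti-CSRF token is checked in this
// block — consider requiring POST plus a per-session token.
if (!empty($_REQUEST['delete'])) {
	$deleteme = $_REQUEST['delete'];
	$result   = false;
	// The id was interpolated into SQL without quotes, where string escaping
	// gives no protection. Accept decimal digits only; anything else falls
	// through to "message not found", which is also what a failed query produced.
	if (is_string($deleteme) && ctype_digit($deleteme)) {
		$query  = "SELECT * from comments where `id`='$deleteme'";
		$result = mysql_query($query);
	}
	if ($result && mysql_num_rows($result)) {
		$message = mysql_fetch_assoc($result);

		// The Referer header is client-supplied: HTML-escape it before placing
		// it inside an attribute, and tolerate it being absent.
		$back_href = isset($_SERVER['HTTP_REFERER'])
			? htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES)
			: '';

		// Authorisation check, fail-closed: compare as strings so that an
		// unset or empty $id can never loosely equal a stored value.
		$me       = isset($id) ? (string)$id : '';
		$is_party = $me !== ''
			&& ($me === (string)$message['to'] || $me === (string)$message['from']);

		if ($is_party) {
			$query  = "DELETE from comments where id='$deleteme'";
			$result = mysql_query($query);
			if ($result) {
				// The closing </a> was missing here.
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_deleted"),GetLangString($lang,"msg_deleted")
								."<br><a href='".$back_href."'>" .
								GetLangString($lang, 'msg_pmbacklink')."</a>");
			} else {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
			}
		} else {
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_notyourmessage")
								."<br><a href='".$back_href."'>" .
								GetLangString($lang, 'msg_pmbacklink')."</a>");
		}
	} else {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_messagenotfound"));
	}
}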

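// Remaining actions, tried in order: delete a photo comment, add a profile
// comment / PM, add a photo comment, otherwise list the messages addressed to
// the current user ($id, set outside this file). Output goes to $SITE_MIDDLE.
//
// NOTE(review): every query here is assembled by string concatenation for the
// legacy mysql_* API; moving to prepared statements (mysqli/PDO) is the durable
// fix. The changes below only close the gaps visible in this block.
if (!empty($_REQUEST['photodelete'])) {
	// NOTE(review): like the comment delete, this is reachable via GET and no
	// anti-CSRF token is checked in this block.
	$deleteme = $_REQUEST['photodelete'];
	$result   = false;
	// The id was interpolated into SQL without quotes; accept digits only.
	// Anything else ends in "message not found", as a failed query did before.
	if (is_string($deleteme) && ctype_digit($deleteme)) {
		$query  = "SELECT * from photocomments where `id`='$deleteme'";
		$result = mysql_query($query);
	}
	if ($result && mysql_num_rows($result)) {
		$message = mysql_fetch_assoc($result);

		// Look up the owner of the photo the comment is attached to. The
		// previous query text ended in an unbalanced quote, so it could not
		// succeed and the owner test compared $id against a failed lookup.
		// `to` originates from a request field, so it is escaped again here.
		$query2  = "SELECT `owner` from `photos` where `id` = '".escapestr($message['to'])."'";
		$result2 = mysql_query($query2);
		$toid    = ($result2 && mysql_num_rows($result2)) ? mysql_result($result2, 0) : null;

		// The Referer header is client-supplied: escape it for the attribute.
		$back_href = isset($_SERVER['HTTP_REFERER'])
			? htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES)
			: '';

		// Authorisation check, fail-closed: string comparison, and a missing
		// owner or an empty $id never matches.
		$me         = isset($id) ? (string)$id : '';
		$may_delete = $me !== ''
			&& (($toid !== null && $me === (string)$toid) || $me === (string)$message['from']);

		if ($may_delete) {
			$query  = "DELETE from photocomments where id='$deleteme'";
			$result = mysql_query($query);
			if ($result) {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_deleted"),GetLangString($lang,"msg_deleted")
								."<br><a href='".$back_href."'>" .
								GetLangString($lang, 'msg_pmbacklink')."</a>");
			} else {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
			}
		} else {
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_notyourmessage")
								."<br><a href='".$back_href."'>" .
								GetLangString($lang, 'msg_pmbacklink')."</a>");
		}
	} else {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_messagenotfound"));
	}
} elseif (!empty($_POST['add'])) {
	// NOTE(review): the sender is read from the request body. Unless it is
	// checked against the logged-in user elsewhere, a client can post under
	// another user's id — presumably this should be $id; confirm.
	$from = escapestr($_POST["from"]);
	$to   = escapestr($_POST["to"]);
	$type = escapestr($_POST["type"]);
	// NOTE(review): text2html() runs on the already SQL-escaped string; if it
	// can emit quote characters the value is no longer safely escaped when it
	// reaches the query — confirm, or make escaping the last step.
	$text = text2html(escapestr($_POST["text"]));
	$profile_id = $to;
	$query = "INSERT INTO comments (`from`,`to`,`type`,`text`,`time`) VALUES ('$from','$to','$type','$text','".time()."')";

	// SecurityCheck() is defined elsewhere; a truthy result rejects the data.
	if (SecurityCheck($query)) {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_baddata"));
	} else {
		$result = mysql_query($query);
		if ($result) {
			// $to is only SQL-escaped, which does not make it safe inside an
			// HTML attribute: URL-encode it before echoing it into the link.
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_pm"),GetLangString($lang,"msg_messagesent").
								"<br><a href='/index.php?do=profile&profile_id=".urlencode($to)."'>" .
								GetLangString($lang, 'msg_pmbacklink')."</a>");
		} else {
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
		}
	}
} elseif (!empty($_POST['photoadd'])) {
	// NOTE(review): same caveats as the profile-comment branch — the sender id
	// comes from the request, and text2html() runs after SQL escaping.
	$from = escapestr($_POST["from"]);
	$to   = escapestr($_POST["to"]);
	$type = escapestr($_POST["type"]);
	$text = text2html(escapestr($_POST["text"]));
	$profile_id = $to;
	$query = "INSERT INTO photocomments (`from`,`to`,`type`,`text`,`time`) VALUES ('$from','$to','$type','$text','".time()."')";

	if (SecurityCheck($query)) {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_baddata"));
	} else {
		$result = mysql_query($query);
		if ($result) {
			// URL-encode the request-derived id before echoing it into the link.
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_pm"),GetLangString($lang,"msg_messagesent").
					"<br><a href='/index.php?do=viewphoto&photo_id=".urlencode($to)."'>" .
				GetLangString($lang, 'msg_photobacklink')."</a>");
		} else {
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
		}
	}
} else {
	// Default view: list everything addressed to $id, split into private
	// messages (type 2/3) and profile comments (type 0/1), newest row first.

	// Start the accumulators empty so a value set before this point (for
	// instance through register_globals) cannot be echoed into the page.
	$PMS      = '';
	$COMMENTS = '';

	// NOTE(review): $id is interpolated unquoted and is not defined in this
	// file — confirm it is always an integer taken from the session.
	$query  = "SELECT * from comments where `to`=$id";
	$result = mysql_query($query);
	if ($result && mysql_num_rows($result)) {
		while ($comment = mysql_fetch_array($result)) {
			// Reset per row: the "new" label used to leak into every later
			// row once it had been set.
			$status = '';

			// `from` was written from a request field, so escape it again
			// before using it in a second query.
			$query       = "SELECT * from users where id='".escapestr($comment['from'])."'";
			$result_name = mysql_query($query);
			if ($result_name && mysql_num_rows($result_name)) {
				$profile_info = mysql_fetch_array($result_name);
				// NOTE(review): name and photo are emitted without HTML
				// escaping; if they are not encoded when stored this is a
				// stored-XSS sink — confirm the storage convention and escape.
				$from  = "<a href=\"index.php?do=profile&profile_id=".$profile_info['id']."\">".$profile_info['name']."</a><br>";
				$from .= GetStatusImg($profile_info['status']);
				$from .= "<br><img src=\"index.php?do=getphoto&square=1&size=75&id=".$profile_info['photo']."\" title=\"".$profile_info['name']."\">";
			} else {
				// Was `.=`, which appended "unknown" to the previous row's sender.
				$from = GetLangString($lang,"txt_unknown");
			}

			$time = date("d-m-Y H:i:s",$comment['time']);
			$text = text2html(bb2html($comment['text']));

			// Types 0 and 2 are unread: label the row and advance the stored
			// type by one (0 -> 1, 2 -> 3).
			if ($comment['type']==0 || $comment['type']==2) {
				$status      = GetLangString($lang,"txt_new");
				// Both values come from the row; cast them because they are
				// placed in the statement without quotes.
				$query       = "UPDATE comments set type=".((int)$comment['type']+1)." where id=".(int)$comment['id'];
				$result_name = mysql_query($query);
			}

			// URL-encode the stored sender id before putting it in the link.
			$reply = "<a href='index.php?do=sendpm&to=".urlencode($comment['from'])."'>".GetLangString($lang,"txt_reply")."</a>";

			$row = "<tr>
			<td align=\"center\" width=\"125\" valign=\"top\">
			$from<br>$time<br><b>$status</b><br> $reply - 
			<a href=\"index.php?do=pm&delete=".(int)$comment['id']."\" >".GetLangString($lang,"txt_delete")."</a>
			</td>	<td valign=\"top\">$text</td></tr>";

			// Prepend, so later rows appear above earlier ones.
			if ($comment['type']==0 || $comment['type']==1) {
				$COMMENTS = $row.$COMMENTS;
			} elseif ($comment['type']==2 || $comment['type']==3) {
				$PMS = $row.$PMS;
			}
		}
	}

	$PMS      = "<table border=\"1\" width=\"100%\">$PMS</table>";
	$COMMENTS = "<table border=\"1\" width=\"100%\">$COMMENTS</table>";
	$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_pms")			,$PMS);
	$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_comments")	,$COMMENTS);
}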




?>
